1 Reply Latest reply: Mar 22, 2012 3:33 PM by Esther Mofet
kristin. Level 2 (235 points)

On three of my Xserves I have SSH access restricted to a handful of users and these users are Open Directory-based users. Aside from the fact that these users don't have a home directory on the servers they connect to (as they're not local users to those machines), I'm having an issue where, when they try and run a command via SUDO, they get an error stating they are not in the sudoers file and thus can't complete the command.


I'm wondering if anyone has a solution for this? Should I not be using OD-based users for SSH?




  • Esther Mofet Level 1 (130 points)

    Sure, you can use OD-based users and sudo.


    Maybe add your users to the domain's Administrators group, which, by default, would grant sudo on the member machines. Careful, though, as that's the _domain_ administration group. If you need to restrict access so they can't make domain admin level changes but so they can do just about anything on your member servers and workstations, you could just create a new sudo group, maybe called "sudo-admins", then append an appropriate line to the sudoers files on all of your machines... maybe a line that reads:


    %sudo-admins  ALL=(ALL) ALL


    (standard warning about using caution while editing sudoers goes here -- be careful)
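
One way to append the group rule from the reply above without risking a broken sudoers file, as an added example that is not part of the original thread: the rule is written to a copy, the copy is syntax-checked with `visudo -c -f`, and only a passing copy replaces the live file. The function name `add_sudo_group` and the `SUDOERS` and `VISUDO` override variables are assumptions made for this example; run it as root.

```shell
#!/bin/sh
# Added example: append "%<group>  ALL=(ALL) ALL" to sudoers only if the
# resulting file passes visudo's syntax check. SUDOERS and VISUDO are
# hypothetical override variables so the function can be tried on a copy.

add_sudo_group() {
    group=$1
    sudoers=${SUDOERS:-/etc/sudoers}
    visudo=${VISUDO:-visudo}
    rule="%$group  ALL=(ALL) ALL"

    # Accept only a conservative character set in the group name
    # (assumption for this example: letters, digits, dot, underscore, hyphen).
    case $group in
        ''|*[!A-Za-z0-9._-]*) echo "invalid group name" >&2; return 2 ;;
    esac

    # Idempotent: do nothing if the exact rule line is already present.
    if grep -Fxq "$rule" "$sudoers"; then
        return 0
    fi

    # Build the candidate next to the live file so the final mv is a rename
    # on the same filesystem.
    tmp=$(mktemp "$sudoers.XXXXXX") || return 1
    cp "$sudoers" "$tmp" && printf '%s\n' "$rule" >> "$tmp" \
        || { rm -f "$tmp"; return 1; }

    # visudo -c -f checks the candidate's syntax without touching the live file.
    if ! "$visudo" -c -f "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "syntax check failed; $sudoers unchanged" >&2
        return 1
    fi

    # sudo expects the file to be read-only (0440).
    chmod 0440 "$tmp" && mv -f "$tmp" "$sudoers"
}
```

To try it on a copy first: `SUDOERS=/tmp/sudoers.test add_sudo_group sudo-admins`.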